Apple adds basic anti-malware to Snow Leopard
New OS designed to sniff out a pair of Mac-specific Trojans
Computerworld - Apple has expanded a download warning feature in Mac OS X 10.5 to create rudimentary anti-malware detection in the new Snow Leopard operating system due out Friday, sources have confirmed.
Out of the box, Snow Leopard will be able to detect only two Trojan horses, although Apple will be able to push other signatures to users through the Mac operating system's Software Update service, those sources said.
The confirmation came after reports that Snow Leopard had taken its predecessor's File Quarantine feature a step further, and actually scans files downloaded by Safari, Mail or iChat for malicious code. Where Leopard only warned users that a file had been obtained from the Internet -- and thus was potentially dangerous -- Snow Leopard scans files for possible malware.
According to a screenshot posted Monday by Mac-only antivirus maker Intego, Snow Leopard sniffs out the malware, then puts up a warning that recommends users dump the downloaded file in the Trash rather than open it.
Neither of the two Trojans -- dubbed "RSPlug.a" and "Iservice" by Symantec -- that Snow Leopard currently detects is new. The former was first spotted in October 2007, while the latter debuted in January.
RSPlug made news in late 2007 when security researchers found the malware on numerous pornographic Web sites; if downloaded to a Mac, the Trojan changes the machine's DNS (Domain Name System) settings to redirect users to alternate or spoofed sites. Iservice, on the other hand, was spotted earlier this year piggybacking on pirated copies of iWork '09, Apple's productivity suite, by users who had downloaded the software from file-sharing sites.
Several researchers and bloggers, including Computerworld's Seth Weintraub, spotted a new .plist file in Snow Leopard that the OS uses to store malware signatures. That file, "XProtect.plist," has been tucked into the "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources" folder.
Future signature updates will presumably be added to the XProtect.plist file.
Because Apple regularly bashes Microsoft over the flood of Trojans, worms and viruses that target Windows -- most recently in a new television ad -- its admission that malware affects Macs is a setback, albeit small, to its marketing, said one analyst.
"If Apple includes anti-malware, weak or strong, it does undermine Apple's marketing message, but only slightly," said Ezra Gottheil, an analyst with Technology Business Research. "Apple doesn't claim that Macs cannot be successfully attacked; it claims that they are not often successfully attacked, and that is true. So if adding basic anti-malware software helps keep Macs relatively clean, given their lower [attack] profile, that helps Apple's primary message: Macs are less hassle."
Snow Leopard goes on sale Friday, and requires an Intel-based Mac. People upgrading from Leopard can purchase a $29 single-license, or a $49 five-license Family Pack. Users running Mac OS X 10.4, aka Tiger, must instead purchase the more expensive Box Set, which costs $169 for a single license and $229 for a five-license pack. The Box Set also includes the iLife '09 creativity bundle and the iWork '09 productivity suite.
Mac OS X Snow Leopard
- OS X Snow Leopard desertion rate accelerates after patches stop
- Apple signals end to OS X Snow Leopard support
- Apple sneaks Safari update into Snow Leopard
- OS X Snow Leopard stubbornly rejects retirement
- Snow Leopard users: Just try to pry this from my cold, dead hands
- Apple goes against grain, extends support for Snow Leopard
- Mac users left wondering if OS X Snow Leopard's retired
- Opinion: In depth with Apple's Snow Leopard Server
- Apple fixes data deletion bug in Snow Leopard, blocks Atom 'hackintoshes'
- Smackdown: Windows 7 takes on Apple's Snow Leopard
Read more about Mac OS X in Computerworld's Mac OS X Topic Center.
- Deep Security +VMware vSphere with Operations Management Most midsize organizations are highly virtualized on VMware, and while this has produced significant savings, it also has created new challenges when it...
- Single-Vendor Security Ecosystems Offer Concrete Benefits Over Point Solutions IT security decision-makers from companies with 100 to 5,000 employees evaluates the current endpoint security solution market based on Forrester's own market data,...
- Best Practices for Security and Compliance with Amazon Web Services This paper will discuss what part of the shared responsibility equation customers are responsible for and what some of the recommended security practices...
- Case Study: Intuit Turns to Self-Service IT Intuit empowered its users to resolve their own IT issues with a consumer-like experience to free IT to focus on more strategic initiatives....
- Business-driven data protection Setting up data protection infrastructures with your organizations' core mission or business in mind is key. In this webinar, the ARCserve team will...
- On-Demand Webinar: Mind the Gap! Watch the webinar featuring Bob Janssen, CTO and Co-Founder of RES Software, to start building a solid foundation for business and IT to... All Mac OS X White Papers | Webcasts